/**
 * Tests the behavior of the _mergeAuthzCollections command.
 */

function assertUsersAndRolesHaveRole(admin, role) {
    admin.system.users.find().forEach( function(doc) {
                                           assert.eq(1, doc.roles.length);
                                           assert.eq(role, doc.roles[0].role);
                                       });
    admin.system.roles.find().forEach( function(doc) {
                                           assert.eq(1, doc.roles.length);
                                           assert.eq(role, doc.roles[0].role);
                                       });

}
function runTest(conn) {
    var db = conn.getDB('test');
    var admin = conn.getDB('admin');

    jsTestLog("Creating users and roles in temp collections");
    db.createUser({user: 'spencer', pwd: 'pwd', roles: ['read']});
    admin.createUser({user: 'andreas', pwd: 'pwd', roles: ['read']});
    db.createRole({role: 'role1', roles: ['read'], privileges: []});
    admin.createRole({role: 'adminRole1', roles: ['read'], privileges: []});

    // Move the newly created users/roles to the temp collections to be used later by
    // _mergeAuthzCollections
    admin.system.users.find().forEach(function (doc) { admin.tempusers.insert(doc); });
    admin.system.roles.find().forEach(function (doc) { admin.temproles.insert(doc); });

    admin.system.users.remove({});
    admin.system.roles.remove({});

    jsTestLog("Creating users and roles that should be overriden by _mergeAuthzCollections");
    db.createUser({user: 'spencer', pwd: 'pwd', roles: ['readWrite']});
    db.createUser({user: 'andy', pwd: 'pwd', roles: ['readWrite']});
    admin.createUser({user: 'andreas', pwd: 'pwd', roles: ['readWrite']});
    db.createRole({role: 'role1', roles: ['readWrite'], privileges: []});
    db.createRole({role: 'role2', roles: ['readWrite'], privileges: []});
    admin.createRole({role: 'adminRole1', roles: ['readWrite'], privileges: []});

    assert.eq(3, admin.system.users.count());
    assert.eq(3, admin.system.roles.count());
    assertUsersAndRolesHaveRole(admin, "readWrite");

    jsTestLog("Overriding existing system.users and system.roles collections");
    assert.commandWorked(admin.runCommand({_mergeAuthzCollections: 1,
                                           tempUsersCollection: 'admin.tempusers',
                                           tempRolesCollection: 'admin.temproles',
                                           db: "",
                                           drop: true}));

    assert.eq(2, admin.system.users.count());
    assert.eq(2, admin.system.roles.count());
    assertUsersAndRolesHaveRole(admin, "read");

    admin.system.users.remove({});
    admin.system.roles.remove({});

    jsTestLog("Creating users and roles that should be persist after _mergeAuthzCollections");
    db.createUser({user: 'bob', pwd: 'pwd', roles: ['read']});
    admin.createUser({user: 'george', pwd: 'pwd', roles: ['read']});
    db.createRole({role: 'role3', roles: ['read'], privileges: []});
    admin.createRole({role: 'adminRole2', roles: ['read'], privileges: []});

    assert.eq(2, admin.system.users.count());
    assert.eq(2, admin.system.roles.count());
    assertUsersAndRolesHaveRole(admin, "read");

    jsTestLog("Adding users/roles from temp collections to the existing users/roles");
    assert.commandWorked(admin.runCommand({_mergeAuthzCollections: 1,
                                           tempUsersCollection: 'admin.tempusers',
                                           tempRolesCollection: 'admin.temproles',
                                           db: "",
                                           drop: false}));


    assert.eq(4, admin.system.users.count());
    assert.eq(4, admin.system.roles.count());
    assertUsersAndRolesHaveRole(admin, "read");


    jsTestLog("Make sure adding duplicate users/roles fails to change anything if 'drop' is false");

    admin.system.users.remove({});
    admin.system.roles.remove({});

    // Create users/roles with the same names as those in the dump but different roles
    db.createUser({user: 'spencer', pwd: 'pwd', roles: ['readWrite']});
    admin.createUser({user: 'andreas', pwd: 'pwd', roles: ['readWrite']});
    db.createRole({role: 'role1', roles: ['readWrite'], privileges: []});
    admin.createRole({role: 'adminRole1', roles: ['readWrite'], privileges: []});

    assert.eq(2, admin.system.users.count());
    assert.eq(2, admin.system.roles.count());
    assertUsersAndRolesHaveRole(admin, "readWrite");

    // This should succeed but have no effect as every user/role it tries to restore already exists
    assert.commandWorked(admin.runCommand({_mergeAuthzCollections: 1,
                                           tempUsersCollection: 'admin.tempusers',
                                           tempRolesCollection: 'admin.temproles',
                                           db: "",
                                           drop: false}));

    assert.eq(2, admin.system.users.count());
    assert.eq(2, admin.system.roles.count());
    assertUsersAndRolesHaveRole(admin, "readWrite");
}

jsTest.log('Test standalone');
var conn = MongoRunner.runMongod({});
runTest(conn);
MongoRunner.stopMongod(conn.port);

jsTest.log('Test sharding');
var st = new ShardingTest({ shards: 2, config: 3 });
runTest(st.s);
st.stop();
